Re: [PATCH] x86/speculation/l1tf: Exempt zeroed PTEs from XOR conversion
From: Sean Christopherson
Date: Fri Aug 17 2018 - 13:01:51 EST
On Fri, Aug 17, 2018 at 09:13:51AM -0700, Linus Torvalds wrote:
> On Thu, Aug 16, 2018 at 1:47 PM Sean Christopherson
> <sean.j.christopherson@xxxxxxxxx> wrote:
> >
> > Fixes: 6b28baca9b1f ("x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation")
>
> This seems wrong.
>
> That commit doesn't invert a cleared page table entry, because that
> commit still required _PAGE_PROTNONE being set for a pte to be
> inverted.
>
> I'm assuming the real culprit is commit f22cc87f6c1f
> ("x86/speculation/l1tf: Invert all not present mappings") which made
> it look at _just_ the present bit.
>
> And yeah, that was wrong.
>
> So I really think a much better patch would be the appended one-liner.
>
> Note - it's whitespace-damaged by cut-and-paste, but it should be
> obvious enough to apply by hand.
>
> Can you test this one instead?
Checking for a non-zero val in __pte_needs_invert() also resolves the
issue. I shied away from that change because prot_none_walk() doesn't
pass the full PTE to __pte_needs_invert(), it only passes the pgprot_t
bits. This works because PAGE_NONE sets the global and accessed bits,
but it made me nervous nonetheless.
> Linus
> ---
>
> arch/x86/include/asm/pgtable-invert.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/asm/pgtable-invert.h
> b/arch/x86/include/asm/pgtable-invert.h
> index 44b1203ece12..821438e91b77 100644
> --- a/arch/x86/include/asm/pgtable-invert.h
> +++ b/arch/x86/include/asm/pgtable-invert.h
> @@ -6,7 +6,7 @@
>
> static inline bool __pte_needs_invert(u64 val)
> {
> - return !(val & _PAGE_PRESENT);
> + return val && !(val & _PAGE_PRESENT);
> }
>
> /* Get a mask to xor with the page table entry to get the correct pfn. */